“Utilities use sensors that work in similar fashion to residential smart devices,” said Colin Tarkington, a computer science sophomore at Pellissippi State Community College. “Sensors can monitor temperature and detect if doors are open. The companies that make smart devices are providing the utilities with sensors, and understanding the residential devices can lead us to infer how secure the utility’s systems are.”
Tarkington has been researching doorbell cameras to understand what information is sent over the internet. Overall, he was impressed with the encryption used to pass information. But some devices had a flaw that allowed a live feed to be turned off using a simple command to the device, leaving the door areas of a home unprotected.
Gage Slacum, a computer science undergraduate student at the University of Tennessee, Knoxville, learned through his ORNL internship that it was possible to use a $150 device available on the market in conjunction with information found online to acquire goods from companies or turn devices on in someone else’s house. “Open-source information can be used in ways that are against the intended use,” Slacum said. “These inexpensive gadgets can manipulate electronics owned by other people.” His research underlined the availability of inexpensive tools and the low barrier of entry required to disrupt an IoT network.
Abigail Baker, a master’s degree student at Dakota State University, used her summer internship at ORNL to investigate robot vacuums. She compared a U.S. and a foreign made product to understand what kind of information is released by a vacuum without the owner’s permission. She was surprised to find that robot vacuums continually search for IP addresses, even when the device is supposed to be idle overnight. “The U.S. brand talked to the outside world a lot. It was sending out many pings, but I couldn’t see what data it was sending.”
Baker’s college courses just scratched the surface of giving her knowledge needed to understand device security. “Even though I earned a degree in cybersecurity, I learned through this internship that smart devices aren’t as secure as they claim to be,” she said.
While many higher education institutes offer courses and degrees in computer science and cybersecurity, the student experience varies. Course offerings are inconsistent across programs, and hands-on opportunities are limited. ORNL seeks to enhance students’ exposure to IoT and cybersecurity knowledge by partnering locally with Pellissippi State Community College. Through a recent $5,000 donation by ORNL, PSCC intends to build an IoT lab on campus while ORNL expands its complementary lab to give students a range of perspectives on cyber vulnerability research.
This Oak Ridge National Laboratory news article "Students break into, learn about cybersecurity in smart devices" was originally found on https://www.ornl.gov/news